kestra-io / plugin-fs

https://kestra.io/plugins/plugin-fs/
Apache License 2.0

feat(ssh): allow to use pubkey auth #111

Closed alexandrebrg closed 6 months ago

alexandrebrg commented 6 months ago

What changes are being made and why?

:wave:

SSH plugin command was missing authentication with asymmetric keys. I added an option to determine which option will be used in the SSH command (PASSWORD vs PUBLIC_KEY), with the ability to give a private key and a passphrase for it.

Moreover, JSch has been replaced by this fork. It's a drop-in replacement, with enhanced capabilities, especially in cryptography. Original version was only able to run ssh-rsa keys, which is a method deprecated nowadays in OpenSSL, and even more, it's disabled by default. (see here).

Based on my light research, this lib wasn't used by any other component, meaning it shouldn't impact other plugins. A little note here to talk about available algorithms: this lib will load various (most common) algos depending on the Java version it is built with (doc). If I remember well, Kestra must be built & run with at least Java 17, so it should be good :D

How the changes have been QAed?

I'm running a simple docker-compose as described here, with the below flow and this additional docker compose service:

```yaml
services:
  openssh-server:
    image: lscr.io/linuxserver/openssh-server:latest
    container_name: openssh-server
    hostname: openssh-server # optional
    environment:
      # Public half of the test key pair
      PUBLIC_KEY: ${ED255_19_PUB_KEY_HERE}
      PUID: 1000
      PGID: 1000
      TZ: Etc/UTC
      # Quoted so that YAML passes these as strings rather than booleans
      LOG_STDOUT: "true"
      PASSWORD_ACCESS: "true"
      # Password used by the PASSWORD task in the flow below
      USER_PASSWORD: password
    ports:
      - "2222:2222"
    restart: unless-stopped
```

```yaml
# Run the plugin with the two methods: password, public_key
id: hello-world
namespace: company.team
tasks:
  # Key-based login
  - id: "command"
    type: "io.kestra.plugin.fs.ssh.Command"
    host: openssh-server
    port: "2222"
    authMethod: PUBLIC_KEY
    username: linuxserver.io
    privateKey: ${ED_KEY}
    commands:
      - "touch i_was_here"
  # Password login
  - id: "command-password"
    type: "io.kestra.plugin.fs.ssh.Command"
    host: openssh-server
    port: "2222"
    authMethod: PASSWORD
    username: linuxserver.io
    password: password
    commands:
      - "touch i_was_here"
```

Setup Instructions

  1. Generate a key: ssh-keygen -t ed25519 -f keypair -P "" -N ""
  2. Create a simple SSH server (see above)
  3. Create flow like above
  4. Run it, enjoy

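
Added example, not part of this PR or the plugin's code: one way a PASSWORD / PUBLIC_KEY switch can be mapped onto the JSch API (package com.jcraft.jsch), with the session pinned to the selected method and the host key checked against known_hosts. The class and method names, the known_hosts path and reading the key from an ED_KEY environment variable are assumptions.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.nio.charset.StandardCharsets;
import java.util.Objects;

public class SshAuthExample {
    // Mirrors the two authMethod values named in the PR description.
    enum AuthMethod { PASSWORD, PUBLIC_KEY }

    static Session open(AuthMethod method, String host, int port, String user, String password,
                        String privateKey, String passphrase, String knownHosts) throws JSchException {
        JSch jsch = new JSch();
        // Verify the server host key against known_hosts instead of disabling the check.
        jsch.setKnownHosts(knownHosts);
        if (method == AuthMethod.PUBLIC_KEY) {
            byte[] pass = passphrase == null ? null : passphrase.getBytes(StandardCharsets.UTF_8);
            // The key is handed over as bytes, so no key file has to be written to disk.
            jsch.addIdentity(user + "-key", privateKey.getBytes(StandardCharsets.UTF_8), null, pass);
        }
        Session session = jsch.getSession(user, host, port);
        session.setConfig("StrictHostKeyChecking", "yes");
        if (method == AuthMethod.PASSWORD) {
            session.setPassword(password);
            session.setConfig("PreferredAuthentications", "password");
        } else {
            // Offer only the key: a rejected key fails the login instead of
            // falling back to another method.
            session.setConfig("PreferredAuthentications", "publickey");
        }
        session.connect(10_000); // connect timeout in milliseconds
        return session;
    }

    public static void main(String[] args) throws Exception {
        // Constructed values matching the QA setup above (assumed, not from the plugin).
        String key = Objects.requireNonNull(System.getenv("ED_KEY"), "ED_KEY is not set");
        Session s = open(AuthMethod.PUBLIC_KEY, "openssh-server", 2222, "linuxserver.io", null,
                key, null, System.getProperty("user.home") + "/.ssh/known_hosts");
        ChannelExec exec = (ChannelExec) s.openChannel("exec");
        exec.setCommand("touch i_was_here");
        exec.connect();
        while (!exec.isClosed()) Thread.sleep(100); // wait for the remote command to finish
        System.out.println("exit status: " + exec.getExitStatus());
        exec.disconnect();
        s.disconnect();
    }
}
```
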
alexandrebrg commented 6 months ago

> Hi, thanks a lot. Overall it looks good, I suggest some small code changes to make it coherent with the way we declare plugin properties.

Thanks for the review, I applied the changes

alexandrebrg commented 6 months ago

@loicmathieu Tests should now be passing properly :)